Friday, March 30, 2007

Secure Email Attachments with TrueCrypt

Digital documents have finally come of age. We now increasingly receive our bank statements, insurance quotes and receipts as digital files such as Word or PDF. Also, there is often a need to attach these documents to an email. Securing these attachments in transit over the Internet is an immediate concern. There are a number of solutions available such as Hushmail, a secure free email provider and PGP Desktop Email, a commercial email encryption product. The solution that I discuss here is based on a free, open-source encryption software called Truecrypt.

Truecrypt makes using bullet-proof encryption really easy through the concept of virtual encrypted disks. Each disk is stored as a single encrypted file and can be mounted as a real disk. Once mounted, it can be used as a local drive on the system. Entire hard-drives or USB memory sticks can be encrypted as well. Volumes can be protected using a password or through key files. Any file on the system can be used as a key file as an alternative or in addition to using a password. The key file or sequence of key files is required to encrypt and decrypt the disk.

The concept of key files makes using Truecrypt really valuable while sending sensitive attachments over email. In addition to using a password, if the sender and the receiver agree on a common file or a sequence of files that are uniquely present on both systems such as digital photographs or video clips, the encryption can be made highly secure. Hence the encrypted attachments are useless if intercepted during transit without the key files.

Truecrypt is extremely simple to use and hence there is just no excuse for not securing confidential files on storage or in transit.